General

  • Target

    ba14df5ab0c498214845f06727b967e8

  • Size

    465KB

  • Sample

    240308-a162yabe6x

  • MD5

    ba14df5ab0c498214845f06727b967e8

  • SHA1

    d812844ac58838fc3887898188d8beaae34776b9

  • SHA256

    294c493463c8777d532d16b1f67d064dd74900788d9f7e562dd57e0eb6905d82

  • SHA512

    bd5069269bc3c2ac28d12626dcbd800ca1fdb634aa0a72e79b92360b25f262e6f72a7623a35d28bdc0affa5fbc991f4b81fbd6c406e8b26ab7aa0898c50ad7b7

  • SSDEEP

    6144:hCWDYuPpV5K98TJPaWFlwBrWAyojLd8zmWGjC7IivbzHGOlB:JDYWpO4daWTwloofeztGdi/HGa

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.18/dsaicosaicasdi.php/SczbkxCQZQyVr

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Detect ZGRat V1

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks